#!/bin/sh
#
# Remove all traces of a user that was created with 'create_chroot'
#
# enchroot is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# enchroot is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser Public License for more details.
#
# You should have received a copy of the GNU Lesser Public License
# along with enchroot. If not, see <http://www.gnu.org/licenses/>.
#
# Copyright (c) 2010 charles@kollar.com
#

#
# Global configuraiton/options are set in this file...
. /usr/local/etc/enchroot.conf

RM=/bin/rm
UMOUNT=/bin/umount
GREP=/bin/grep


echo -n "Am I root?  "
if [ "$(whoami &2>/dev/null)" != "root" ] && [ "$(id -un &2>/dev/null)" != "root" ] ; then
  echo "  NO!

Error: You must be root to run this script."
  exit 1
fi
echo "  Yes";


USER=$1
if [ "$1" = "" ] ; then
  echo "No user given?"
  exit 0
fi


# ps squalks to stderr if the user does now exist...
RUNNING_PROC=`ps -u $USER -U $USER 2>/dev/null | tail +2 | wc -l`
if [ $RUNNING_PROC -gt 0 ] ; then
  echo "Cowardly refusing to delete user '$USER' who at this very moment has $RUNNING_PROC running processes."
  exit 1
fi


# A test is done to see if the user was created with the 'create_chroot'
# script before proceeding. 

# We have introduced a number of different shells (i.e., chroot_shell, mysql_shell), but they all
# end in "_shell"...
CHROOT_USER=`$GREP "^$USER" /etc/passwd | $GREP "_shell" -`
if [ "$CHROOT_USER" == "" ] ; then
  echo "User $USER does not appear to have been created by 'create_chroot'?"
fi


REALLY="no"
echo -n "Do you really want to delete all traces of the user '$USER' forever?! "
read -p "[yes/no] (no): " REALLY
if [ "$REALLY" != "yes" ]; then
  echo "User '$USER' will not be deleted."
  exit 0
fi

USER_ID=`id -u $USER 2>/dev/null`
if [ "$USER_ID" != "" ] ; then
  echo "Delete the user and their home directory..."
  /usr/sbin/userdel -r $USER
fi

# probably should check the group file...
# This will try to delete the group, and be silent if it does not exist...
echo "Delete the user's group..."
/usr/sbin/groupdel $USER 2> /dev/null

echo "Deleting the user's /etc/sudoers entries..."
SUDOERSTMP=/tmp/sudoers.$$
grep -v "^${USER} " /etc/sudoers > $SUDOERSTMP
cp $SUDOERSTMP /etc/sudoers
$RM -f $SUDOERSTMP

echo "Delete the user's public key authentication area..."
$RM -rf $PUBLIC_KEYS/$USER

echo "Deleting the user's AIDE files..."
$RM -rf $AIDEDIR/$USER

#
# Before deleting the jail, first dismount any file systems that were mounted for this user...
HOME_DIR=$HOME_CHROOT/$USER/home/$USER
HOME_P=`/bin/grep "encfs $HOME_DIR" /etc/mtab`
if [ "$HOME_P" != "" ] ; then
  echo "Dismounting Home directory $HOME_DIR"
  $UMOUNT $HOME_DIR
fi

DEV_DIR=$HOME_CHROOT/$USER/dev
DEV_P=`/bin/grep $DEV_DIR /etc/mtab`
if [ "$DEV_P" != "" ] ; then
  echo "Dismounting $DEV_DIR"
  $UMOUNT $DEV_DIR
fi

PROC_DIR=$HOME_CHROOT/$USER/proc
PROC_P=`/bin/grep $PROC_DIR /etc/mtab`
if [ "$PROC_P" != "" ] ; then
  echo "Dismounting $PROC_DIR"
  $UMOUNT $PROC_DIR
fi

MYSQL_DIR=$HOME_CHROOT/$USER/var/lib/mysql
MYSQL_P=`/bin/grep $MYSQL_DIR /etc/mtab`
if [ "$MYSQL_P" != "" ] ; then
  echo "Dismounting $MYSQL_DIR"
  $UMOUNT $MYSQL_DIR
fi

MATLAB_DIR=$HOME_CHROOT/$USER$USERMATLABPATH
MATLAB_P=`/bin/grep $MATLAB_DIR /etc/mtab`
if [ "$MATLAB_P" != "" ] ; then
  echo "Dismounting $MATLAB_DIR"
  $UMOUNT $MATLAB_DIR
fi

#
# With all of the file systems that hang off of the chroot jail now gone.
echo "Delete the user's jail."
$RM -rf --one-file-system $HOME_CHROOT/$USER

echo "Delete the user's encrypted data."
$RM -rf $HOME_ENCRYPTED/$USER
